Description
A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. Impacted is an unknown function of the file /admin/mod_room/index.php?view=edit. Executing a manipulation of the argument ID can lead to SQL injection. The attack can be launched remotely. The exploit has been published and may be used.
Published: 2026-03-27
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Database Compromise
Action: Immediate Patch
AI Analysis

Impact

A flaw in itsourcecode Free Hotel Reservation System allows a remote attacker to manipulate the ID parameter in /admin/mod_room/index.php?view=edit. This results in an SQL injection that can expose or alter data in the underlying database, potentially granting the attacker unauthorized access to sensitive information or the ability to modify records. The weakness is based on the improper handling of user input for constructing SQL statements.

Affected Systems

The vulnerable component is the 1.0 release of itsourcecode Free Hotel Reservation System, specifically the admin room edit functionality located in /admin/mod_room/index.php. The issue affects any deployment of this product without an applied fix.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity. EPSS data is unavailable, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. The attack vector is inferred to be remote because the description states that the flaw can be exploited from an external location, and exploitation code has already been published, raising the likelihood that attackers may target affected installations.

Generated by OpenCVE AI on March 27, 2026 at 19:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑issued patch or upgrade to a version that addresses the SQL injection in the admin module.
  • Restrict external access to the /admin/mod_room directory using a web‑application firewall or network ACLs.
  • Enforce parameterized SQL queries and validate user input in the application logic.
  • Limit the database account used by the application to the minimum set of required privileges.
  • Monitor web and database logs for suspicious query patterns and take corrective action if anomalies are detected.
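
The log-monitoring action above, as an added example (not OpenCVE or vendor code): a Python filter over access-log lines that flags requests to /admin/mod_room/index.php with view=edit whose ID parameter is not a plain integer. It assumes common/combined log format, numeric room IDs, and that the parameter arrives in the query string; the sample lines are constructed.

```python
import posixpath
import re
from urllib.parse import parse_qsl, unquote

VULN_PATH = "/admin/mod_room/index.php"  # path named in the advisory
PLAIN_INT = re.compile(r"[0-9]{1,10}")   # assumption: room IDs are decimal integers
# Common/combined log format: ip ident user [time] "METHOD target PROTO" status ...
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample lines (documentation IP ranges), not taken from a real system.
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Mar/2026:18:20:01 +0000] "GET /admin/mod_room/index.php?view=edit&id=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [27/Mar/2026:18:21:44 +0000] "GET /admin/mod_room/index.php?view=edit&id=12%27 HTTP/1.1" 500 310',
    '198.51.100.7 - - [27/Mar/2026:18:21:50 +0000] "GET /admin/mod_room/index.php?view=edit&ID=12+AND+1 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [27/Mar/2026:18:22:03 +0000] "GET /admin/mod_room/index.php?view=list HTTP/1.1" 200 2048',
]

def suspicious_id_values(target):
    """Return decoded ID values that are not plain integers on the edit view."""
    path, _, query = target.partition("?")
    # Collapse "//", "/./" and percent-encoding so path variants still match.
    path = posixpath.normpath("/" + unquote(path).lstrip("/")).lower()
    if path != VULN_PATH:
        return []
    params = {}
    for key, value in parse_qsl(query, keep_blank_values=True):
        params.setdefault(key.lower(), []).append(value)  # ID / id / Id
    if "edit" not in (v.lower() for v in params.get("view", [])):
        return []
    return [v for v in params.get("id", []) if not PLAIN_INT.fullmatch(v)]

def scan(lines):
    """Return one finding per log line that carries a non-integer ID."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        ip, when, _method, target, status = m.groups()
        bad = suspicious_id_values(target)
        if bad:
            findings.append({"ip": ip, "time": when,
                             "status": int(status), "id_values": bad})
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Access logs record only the query string, so a parameter sent in a POST body is not visible to this filter; database query logging covers that case.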

Advisories

No advisories yet.

History

Sat, 28 Mar 2026 03:15:00 +0000

Type Values Removed Values Added
Description
  Values Removed: A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. Impacted is an unknown function of the file /admin/mod_room/index.php?view=edit. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used. If you want to get the best quality for vulnerability data then you always have to consider VulDB.
  Values Added: A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. Impacted is an unknown function of the file /admin/mod_room/index.php?view=edit. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used.
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 27 Mar 2026 18:00:00 +0000

Type Values Removed Values Added
Description A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. Impacted is an unknown function of the file /admin/mod_room/index.php?view=edit. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used. If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Title itsourcecode Free Hotel Reservation System index.php sql injection
First Time appeared Itsourcecode
Itsourcecode free Hotel Reservation System
Weaknesses CWE-74
CWE-89
CPEs cpe:2.3:a:itsourcecode:free_hotel_reservation_system:*:*:*:*:*:*:*:*
Vendors & Products Itsourcecode
Itsourcecode free Hotel Reservation System
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-27T22:08:05.053Z

Reserved: 2026-03-27T08:26:57.746Z

Link: CVE-2026-4966

Vulnrichment

Updated: 2026-03-27T19:30:05.415Z

NVD

Status: Received

Published: 2026-03-27T18:16:06.810

Modified: 2026-03-27T23:17:17.840

Link: CVE-2026-4966

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T20:27:55Z